wannacry | hxxps://www[.]mediafire[.]com/folder/ca7e1i4dtsedk/R2R

Analysis

max time kernel
1200s
max time network
1201s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/ca7e1i4dtsedk/R2R

Score

10^/10

wannacry defense_evasion discovery execution impact persistence ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDC44B.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDC452.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 64 IoCs

pid	Process
5304	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
5576	taskdl.exe
4656	@[email protected]
6136	@[email protected]
5100	taskhsvc.exe
5928	taskdl.exe
5932	taskse.exe
5104	@[email protected]
2660	taskse.exe
1156	@[email protected]
4948	taskdl.exe
864	taskse.exe
4292	@[email protected]
5124	taskdl.exe
4612	taskse.exe
3512	@[email protected]
6124	taskdl.exe
4356	taskse.exe
1920	@[email protected]
1472	taskdl.exe
5040	taskse.exe
3280	@[email protected]
4040	taskdl.exe
1156	taskse.exe
4996	@[email protected]
6116	taskdl.exe
3176	taskse.exe
4784	@[email protected]
808	taskdl.exe
5172	taskse.exe
5472	@[email protected]
1952	taskdl.exe
5296	taskse.exe
2492	@[email protected]
3580	taskdl.exe
2552	taskse.exe
2484	@[email protected]
5000	taskdl.exe
5620	taskse.exe
5944	@[email protected]
1484	taskdl.exe
6060	taskse.exe
5972	@[email protected]
5416	taskdl.exe
5680	taskse.exe
5796	@[email protected]
4448	taskdl.exe
3264	taskse.exe
1968	@[email protected]
764	taskdl.exe
2092	taskse.exe
1216	@[email protected]
5460	taskdl.exe
6076	taskse.exe
3472	@[email protected]
5064	taskdl.exe
4956	taskse.exe
1764	@[email protected]
5736	taskdl.exe
3692	taskse.exe
4344	@[email protected]
5152	taskdl.exe
5132	taskse.exe
4728	@[email protected]

Loads dropped DLL 8 IoCs

pid	Process
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5240	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bindxefohygk561 = "\"C:\\Users\\Admin\\Downloads\\RANSOMWARE-WANNACRY-2.0-master\\Ransomware.WannaCry\\tasksche.exe\""	reg.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133638221992071810"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{F5066901-7888-40F5-AA4F-6A9B174383F3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3972	reg.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1064	vlc.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4648	chrome.exe
4648	chrome.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe
5100	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1064	vlc.exe
5104	@[email protected]

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe
Token: SeShutdownPrivilege	4304	chrome.exe
Token: SeCreatePagefilePrivilege	4304	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
5856	7zG.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
6056	7zG.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe

Suspicious use of SendNotifyMessage 62 IoCs

pid	Process
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
1064	vlc.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe
4304	chrome.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
4656	@[email protected]
4656	@[email protected]
6136	@[email protected]
6136	@[email protected]
1064	vlc.exe
5104	@[email protected]
5104	@[email protected]
1156	@[email protected]
4292	@[email protected]
3512	@[email protected]
1920	@[email protected]
3280	@[email protected]
4996	@[email protected]
4784	@[email protected]
5472	@[email protected]
2492	@[email protected]
2484	@[email protected]
5944	@[email protected]
5972	@[email protected]
5796	@[email protected]
1968	@[email protected]
1216	@[email protected]
3472	@[email protected]
1764	@[email protected]
4344	@[email protected]
4728	@[email protected]
5052	@[email protected]
780	@[email protected]
2756	@[email protected]
3100	@[email protected]
3828	@[email protected]
1028	@[email protected]
4872	@[email protected]
4088	@[email protected]
3484	@[email protected]
1700	@[email protected]
5192	@[email protected]
2756	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 2980	4304	chrome.exe	83
PID 4304 wrote to memory of 2980	4304	chrome.exe	83
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 2924	4304	chrome.exe	84
PID 4304 wrote to memory of 628	4304	chrome.exe	85
PID 4304 wrote to memory of 628	4304	chrome.exe	85
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86
PID 4304 wrote to memory of 2640	4304	chrome.exe	86

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5204	attrib.exe
5620	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/ca7e1i4dtsedk/R2R
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a8e3ab58,0x7ff8a8e3ab68,0x7ff8a8e3ab78
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:2
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2096 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4188 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4728 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5040 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1572 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4792 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5292 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5032 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5724 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6084 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6544 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6628 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6788 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6776 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3276 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5364 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4088 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5316 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:1
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1932,i,9387445466071340884,15656134350693211826,131072 /prefetch:8
  2⤵
  PID:4504

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4c8
1⤵
PID:2212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2404

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\" -spe -an -ai#7zMap24972:122:7zEvent4696
1⤵
- Suspicious use of FindShellTrayWindow
PID:5856

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\" -spe -an -ai#7zMap2949:162:7zEvent8305
1⤵
- Suspicious use of FindShellTrayWindow
PID:6056

C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
PID:5304
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:5204
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  PID:5240
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5576
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2861719348816.bat
  2⤵
  PID:5828
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    PID:2376
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - Views/modifies file attributes
  PID:5620
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4656
- - C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5100
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  PID:6100
- - C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:6136
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      PID:5172
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        
        PID:5360
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5928
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:5932
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5104
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bindxefohygk561" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f
  2⤵
  PID:1028
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "bindxefohygk561" /t REG_SZ /d "\"C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - Modifies registry key
    PID:3972
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4948
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1156
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4292
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3512
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:6124
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1920
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3280
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4996
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:6116
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4784
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:5172
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5472
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:5296
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2492
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2484
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:5620
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5944
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:6060
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5972
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5416
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:5680
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5796
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:3264
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1968
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1216
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5460
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:6076
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3472
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1764
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5736
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4344
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5152
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:5132
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4728
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:880
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:3236
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5052
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:4628
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:4140
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:780
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:5680
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:3748
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2756
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:5772
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:1280
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3100
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:3848
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:3720
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3828
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:1096
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:5916
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1028
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:2728
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:4400
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4872
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:5776
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:704
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4088
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:5572
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:3696
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3484
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:2480
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:5796
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1700
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:3348
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:6100
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5192
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:1012
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  2⤵
  PID:5468
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2756
- C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  PID:612

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:5716

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DismountClear.mpeg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
69KB

MD5
2280e0e4c8efa0f5fc1c10980425f5cf

SHA1
1d78ccb26fef7f1bf5bf29de100811e1ac8bda23

SHA256
b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74

SHA512
b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
328KB

MD5
a35818dff56cf899fa7ef9c991b0a801

SHA1
59ef8a37cc0e7b9e5708053c0053d2a852b2ccd1

SHA256
076f15e5cfc4216c27422e1b97a711965aadaab078cee9cb826e2c6dc89d5ecc

SHA512
62faa012e804d54a1d77bfaefd26f6c0edfa818c1775c496a3f5f3629049d17cd661fdbb34d43c8ba4c18cd2f657eaec1a778969130469332062bba9f9d345c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
105KB

MD5
36fa11697554cc15aad70da4e29603e1

SHA1
5e59fbb07fbbb4f79e259f657c6e51e7b51ac47a

SHA256
4d9a129594f32974b7f8a5ae3e38cfb988477d28629d8387462ce20efeabb41a

SHA512
9d8754049aaab29a087acf0f5be862c7e2fb84e9e28df09ed8913c34979731f106e4e43523c5e0cebe50622dbe5c8ed2d932c9990def23d858bf0df3c62e3043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000098

Filesize
178KB

MD5
05af1691bbc1919ed119e2007fc67fca

SHA1
fc06053be28885e0d152408b76e868af2a8636a4

SHA256
23939d5fbe93b4a3884a32dbb4f5acabb91580b16e41864b16ace1f28a183c71

SHA512
0693133b261f218210f56917c0271f2cea5328b41d4dfcadefe8f4ce404ce3eaf3d2be1c5d7f8745d3c4ea1b5a759b3d011565bf67e8c358bc13292ad7173997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c0

Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cb

Filesize
22KB

MD5
38cc6bff84a4f75bdf6c6b63a0cdfb14

SHA1
8cc72769712b57649e6e847b90dca78c2de69d7f

SHA256
36ff5a1eda382321e39cdd98ffe16544d66ac3e1c829e407ec1ab70af1a7c947

SHA512
a6e16845a7b2533ab4035037c9b014661b14c14dfe25d55e9a388d3ffc6dce7e66d6398864a3218dcf78b89a31126da1c93942230e5ef91923b3bdc3d6d9e9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
eeae52bf878286f2222e1781b358f1a9

SHA1
ecc3ad02122f5e194e12e05c7397a88928445906

SHA256
11f83d67bf70d6a8471710d6aa0ff69f2e56a018b102d86d4265ffc10ccefe9d

SHA512
01a00fa623d5a7c92f0f2b6a6bc0ee35296abe56511fa9c79f57ee31e4010fc3ae6af1450e9d7675d0df26d548be4e2a355c4cd10a997e7011a111fadd7d6675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4bfe70eb843256ad0a0794386ccbbb07

SHA1
b8ac77ce90c07883650f1bcd2813c2c17fa10687

SHA256
2d88ed554f28c510383e6ff385781378ea2498114cf44cb8815ae31715ee7f43

SHA512
34aaed0830c39b269009b14e51f59950227c0d97825d8c8a14ca867dfacfbd9748494e1a65b2a1cf53abb31d1baa9ea243f98da180bdfa0f8968bc168b4b3acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bf27c110607cdf951279d8e5faf646dc

SHA1
2cbfc546e7722a5a88bacb3599f5f0b15d6c18c7

SHA256
2fd6ce4fb57c02e8df4017d17e9bd2df817eaeeef187947f33301efe747cc499

SHA512
fe2d8e40cc269ba11dd90b0eda32fd3b662c92ad33aed675444643b82a3570406c00aa10dbc376c65e9bef3e7028983ab2562337dca5a8de2b25eaae86d17590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
da7f17311fef7c691a34e7e9f710d6b4

SHA1
7bcca72200efbabb0daf0b39279c07002a0fff3b

SHA256
b6a93280a3b4e853e748c103100cc494a8f4b558f2a25eda4b04e7b974891f4b

SHA512
82ace6bc2679946c43e3e190de38545d5595ad0d5dff9fc6917897c6e1dcdde089248a3f2600200f148fc9fcc0b4374e505b9a25a3e7d366fddfeaf46790939a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9995fe447868312cfa4622631ad7f6dd

SHA1
7eccbff47f9e0653bbf6cf649981742e40ed70f8

SHA256
b7bc9b8b2b962995f768584c9af0a29019c78d9e93c4a7ee39bd435b43758439

SHA512
1f7473dff4ce4b4a0cc320bafac150dd9c8104a04ccf81573307042c8a02341d35235dd49bc457188ee00a80eca99f6c280d38967cc51a0aff1040618ee4ab0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
415d6759dad45eb73d2ce9e4bc556830

SHA1
0321507df70eafd8935c7082e9845723ffcd4111

SHA256
d0de1f35d5e92d18908a21e99a1ec01d62aaeeae2b78acdd85f8ccd1cea899d1

SHA512
464ab3d1743d4752eaf046a92abba86a091da82b121281a67db3c74771758a05fb670bb5d4ff2c26583b6b1e40af959e9d966ffefc663368caa2ef854a8735c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
48c2eaf39d83edb866cc8e1d1eb14573

SHA1
e44edc30d9e69de6d1cc5910856ebf6ae6c5577e

SHA256
93f0404327ae273d6f1a1a4974447b18c19264f785d605ea272c7836d25aa865

SHA512
499ffbaae50bad33532a43e408b028c9d981f86502a7982c757ecce8ea96e9f1cb0af065b125419d34eb1e83bfd572f48e12048d0b0455e15d912d801e863567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0dd48417406d0ba96eab5286b3c58349

SHA1
efb9d44498a0aad43facddc505a25fb3ed4c3b2e

SHA256
ba169d419127954bb41bbaf75c8463d7626f57cddd56ecc560d37502879d3798

SHA512
3ec99ffdaad8835f24a9f8980bb284fc0454d6efe6097f143eef7b6839579c1484ecac471d49736911a9f0c387115405b57e9931009dac9a58662cc503790ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
6d53343ada7ff40db13d5125ae9b9869

SHA1
4f9a210534192a93a9fd9ea9460eb2f9abcade62

SHA256
4ea04ee54ac7c7190bb5302ec8e77e92eeb7bca146e965d1c2d03007dd581c6c

SHA512
a9f2ccf1cc7c92ec09744d16dbae50514096a386e7de2770ccdd3abf636754280e869e2a2f54fe8fbd2e40df97a4aca6ff647b9420be31d0d0d2430d1c970ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
1f1384192f5322b4d8463ce42cab410d

SHA1
efbfb697453f26cad310e7da144df84a4268f0b4

SHA256
3949e3d412100532873704158831d6eb276b27ad23b48265f7b958b1ff9825d0

SHA512
b7d806b8b8d98225330c59401fea611f6c83954c9c110704f4603bab8b7e45a42c4ba04f4e0193e61694214ea3c06ed95a2fc331cc3768bcbaef5fa187ec5e05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
4d34b4c8720b33cf3b895e5e4138abeb

SHA1
fb652a6f575d34f5f7f7e2aa4f8004b048d4ff11

SHA256
2ae17480de27c0637b57dc104e112514dfb25c915a815b9f0a542f27a0544f18

SHA512
cb38c18ace44a30950d0842bcbdae02ce488ea317a94919a224618889cc3e66c8d1240352290f6a0a529f106415d2f8482b0cb88a5d905a034a21bd3767f2975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
791aec708c9f4a09caddd1a11b0097f9

SHA1
c86dbcb390b90899571035b6685150c059cf56b1

SHA256
159e958102f1774e9b413887121619c007e552151b4d5fe9504c8e223f53da42

SHA512
1142c804537151725c719b58a186d843aa0b61f21d4625e04d659006a44932b9d43ff5cb4d39f3359da5d9b3b0178c5170956174309eaa4ca79fedcd95ecc5f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
29653c461bffbbe567b791a8b95fa293

SHA1
0af48455a4df5bed8a2bf986bad30218329fba2d

SHA256
d9243378eb862266465d7dae8e1d37e338dbebc41a4e712bf527005ec4105cd4

SHA512
b9c4e115d6d5a91d260c36e245f63a8b9da5e976c99b99e1a151a5fa46f735938b7068ef496f2240207dc4c1a692a5808c129eb802f7784f13012ac05f3e257e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
21d58910b5b73ce799ed51f2df4b5563

SHA1
2ec7ccb77b27ebe262c6b57efa5b5ee69fb3c41f

SHA256
4b9da1aa85c66bd29ced8931b7e8d4ab85d686a52cd81e0e37797fb9694cfad3

SHA512
331180fd093e436a1fb2cfea5fda8072e3ebcfd7ef8475e6c8ff428f9e66affff1b86c2e09a7e5e67cb9aba8b129e9a1a0bd6cdeb0edb07b296a61e993c00161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
372334b9083a7573f919656c81a3b2f4

SHA1
24d22a4434653aef99c7303b092c5a29f1b2d9dd

SHA256
6aebf56fd45baddba591109eb93e1f8e2c389cd25004ca8dee8baaace3e55513

SHA512
a18bb0176ce973a13c71d94a89ddc8be5662e0337d30de8802b4733efeebc767ab144476153c1209097f635ccf9788ce18f03e3cf969451344b374657aa7fa80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
21ddab20c89545275cc2caab22b09390

SHA1
db702d654da5a43f3f7bb0370c494909743a6373

SHA256
1b3eda607f206ba75b4af2a1c4c5982dd46704a13ea5b223f5a44622c84684c4

SHA512
3ff7637a52717cf63c1e60b589f4fe28112f644f34633f38f401b1d92f775e8a700fcc2baf02e72ce7b5a1150c6980f0f27d5c3279aa6d9cd117361e6750b1db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9a5e1793d406ec19cdfa7a630a06a5ef

SHA1
b77a58e75bd89dcf3ee4ae5f48ca1c7ae1839e38

SHA256
3cd91a68bbfecbf99540375053d84d6d9cbf9ed586861d135c1321341ac5aedd

SHA512
4267d494681ac2623e44ca8b6a44dec06237511154ad3a11e87d2971d70fbd47679c82a2ccd0813ff5ed84d7ae346904647f0eed8e7f8d1f2dd614be59958e77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f81cf8b731a3f21f61377605fd242489

SHA1
ddc61005377cac4017a817b36920a78b9fadf956

SHA256
9843f73fcaa80ca5cfe5a551a69281f13762f87b342840262be3286456514963

SHA512
d12d740781f04bff61c9bafeea5234d2e84913063e13d350507549538522975bafb2c2ac9b3743c625cb2debf12f0f231df0c70bd73b90faf4fa2a7b89e75bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a13d2bdd462fc8e7ab16302dbd6ba3c9

SHA1
e16e9d944e99f84a4d5f32ab7e79fcd6e98ab584

SHA256
a7b995c24fb17d97c6df45b2f35eaed5254f2a5757a9a6813ca08f1718f0ddb5

SHA512
11315359774c42ed6c26d0f737a3e92c6a817c87b94ef961cb2415a5773d0a5631f1c1864ec0d1add9801497fddb7e0297506ce7f0b4dd427d315755b19e0ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
248e8a845b696044ae71afd4ac6e0f38

SHA1
20340bdf1111dc79703c5e3ab9911ba605f61dd2

SHA256
37271858454af03d8b8e74e8b87b4b9ec183ad122376b92eec787833c69651c1

SHA512
71ab57a53c9d7da2b205d573bda35edcce7507185d3d345b49088abfb847122594994b47e1795498ca119c9e2cf1727b08a724d2fa7d8d0ad0aaa2db1733535c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8e4bd17c97ee390c65199be4ed792be7

SHA1
646c1f6cf3e549a64d89d579ce8a3435b168c0da

SHA256
d5a53344c8dacf305d06a49e5bc4892367e400610a00d422b7ef7efc9c421fe2

SHA512
2b6269869f7f75f012054b10e4e2a00569fdbeed4786b139dd08603bc448508739e4fb502b7d852cd58736f527799014d88b81c52468d390580e20e6dd381068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9c3904230ea7ab19527c3795adf07190

SHA1
427d0ebaca573fcc5eb5ca43fe317a91150ada0c

SHA256
c2d524de66426bebc1bdb0024bb67dc55a4cc21b3ad194d53f854851eb582702

SHA512
51b8b7f39a239ff2b4b0ae34f579781188f0abf8cc98c846a8e69f82755ed2a26474a492ad17a2f74202e7141600ca3b5378cb55b183b95f25734752a495e0d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d3d0db833829860afeafae2622876cba

SHA1
76dc39fdc85443ff37075a8049b9c282b4d3dd4a

SHA256
9099ed22cd358b48595e579747c19cd2e2afda5c80af34fc5dfe8e8da13940c3

SHA512
134a7c523cf6ed3a46271adfd28d86d8160aeed763382128c032ce3e65c67765a4729c2cb6ded4dc1e02ceae835fab9e90c4268aabbaf7b4e22b7ed095526743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9b8d0fea8d88ea862e6611633ba60f1b

SHA1
2c04c7d6a467a749b497a09f6edeb29d11e1bd8a

SHA256
a172089b42974a000e5e100a3e6f768401030c50603b869b8a1ef2639ca24c16

SHA512
9b88ecfb59b30a473a820b5fced35bfd0a9673f3a438a88fd310ad7d076e206e71943ed77d4bb68ebc6c42ee432637bf4831cf279bad53a859538a3625718bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e7035252b899ef5b336fd00f889ceaba

SHA1
9c241f8afbdd6c1e6a7a6841ae72fe9664cd668d

SHA256
da050e58aa3d2986ee0ade3a749789988a74ee55658fd22f7fbd7bcecf0cf549

SHA512
97f9f8ad257d4a885273f58f978e739ba7b5df6a22f123cb9ceeb6aff8794f15a41e14f53ac39fceef880f90297e296e33b05183b09580f36fcd42c8225ea732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a0d1c170d767a682e1778f43a2b10c5b

SHA1
540f7e8e04515c60a83acaba1cbd1a23fbb6b452

SHA256
527d76640981aed4e8cdd9ec802344d4a4db2aecc83f45f6bfdf6b5020737897

SHA512
3a1cd613e3ce4345aff817b6527024ad5be3d217ebd7b121fe55246cf3e449e70046bf346d121b63ce9ba3f38c14ea99e4780b85e41022addb0bda95428b3bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
71178804b746e3532cc1a0d56313acc6

SHA1
05ba585388fb60f90ac2e449450ed0d4af80cbc5

SHA256
e72ec0497e3ac3a2624203a9fdf547588fa7b72b73ceb25be67c6a75b67a00dc

SHA512
0121fe2f88e68c80b8d05847c753676a072d666c53b28f892cf69467c533848646cd478a44fccc52e6e7e52a4dc59c0b71813a79fefed879176bf6c6f6b5bc50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
478da46d83317a7f8945af9ffe729383

SHA1
1f47024a856b28d9792b68aa0f12d0431fc2d937

SHA256
988030d77acd9805aa5e3c5c15a48d74e0917f649545ed83580dd4aa49c45b42

SHA512
0c3da3f90696e37e9302a8ed4fd28ce8016ed1600a37d222175b21aae16532ef3319d741af64d8463b291fcfe9bdd9d94f772b607b03e66ba839ed8707ee6440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e1bd6bdc35ecfbd45c6579e3ac17acfd

SHA1
f99da155da30ed308d0267cb75d19e5b27af7975

SHA256
1fb8dabf01d5b7f0e80886871e1ad1a0d33d705e0551655006f2b4f26667f711

SHA512
6080163f33ab4c7993997f056381d462ba8d264446fffbeda45d21652e9a3fda928f24bc85c6c7a5f2c29bed76099ad9ec2fe91eb4e2353165b6949d81fb01ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ef4e4374451a57a82aa3d75a8b64e8af

SHA1
f9e916fdbb45a3fa55dc54bc9f9737fe5139b6e9

SHA256
29090ef6e569879bc88afc75c4e0874a7059e087d62072167f2d69b94cd54ad3

SHA512
2081da6ad8bd68651e7d8ae1cf4af625c03037906f594cb877765510c38618fe8ebe57d7ecb5412579315e835004f632ba2ba0ee8955baa76cf27c6573b88a4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bf9e6b50-fe49-4276-8df2-ae7b2557ad10\index-dir\the-real-index

Filesize
2KB

MD5
3882d9a83381e711778aee43eed9eb56

SHA1
02efafd3008a4b63a9d5cdfe86d55ae7e5fab873

SHA256
4c4ab31f9d2cfb5f4d5997e252a3e2a7aa653a3476d30978360cba638095bc3a

SHA512
bd1b60a0416e3e5f4743d42bf30f53dbb0aa7d7aae784351d78828ffe0c42b09e03c9d7a6033653d779dbc86508e118f1e8c11b009f5d1fd463dcfd79932c8d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bf9e6b50-fe49-4276-8df2-ae7b2557ad10\index-dir\the-real-index~RFe5d567f.TMP

Filesize
48B

MD5
89265d3b62e5b302ba457fb3c3d690ad

SHA1
6ad86dff56a0cf1623ab540dd603d37004b07f3e

SHA256
906f37519d51f6550a0546362a41946675b931a3fbcca2ae5acd166f7083a66a

SHA512
cc648d6e76986861c5b9fa1dc3b57693fe473b5287f88b3e187fe8dcf210542aa9c1d436502aff0a87ccc092e3b5a47715e5071dd2b576d4de253c8f31166860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
328293de4ff06098e7dd73d658bcbbba

SHA1
0cc2d78bdd65b7bf8f651986b97dd4b7d6dac69a

SHA256
d949b543d2f98ad013722933720a80eb94b7779390fab562225eb1ec77008db7

SHA512
9625d23545cbb7ebbc9a084f349364c3befc812925c34f5ceab0794b2f42c48ce7089457ef0013c9a51da3201dba94db53441b34e970c9cdd740501ea2d1302f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
ded66e5ec1a1923daf600fb11f7418f7

SHA1
d25254d9ef4af70d6a380007f769f9416b4ccee6

SHA256
d70386b30fbd616a4fc748bddf1fc3c4bd160a3dd5bcdc44b0a268e72af1b96f

SHA512
81c98be63a3566838cd01c5eb5ced17e2fc596a5ddfa4428690be5727154d2e33761a7fdf612b23ddde64416131db63c9548cc6dc0753fc2eaa8a74f75fe2fba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
a0b670f669adba1f531426460eefa10f

SHA1
4a7378e44156a9272b12ec654d478324ce91f2f4

SHA256
40b8464d769385b1580124eb64d3403c29c0257e563f1eae581960bca01a7b13

SHA512
8b7dbfcbac3f0220c985e11dd15da5cccd53b52ed1293b172c09088853cc5804a7d84f9d964461bd0d991d7450c79beabc74178a6f8666c9a21ed0b4eb1b712c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5cb8f7.TMP

Filesize
119B

MD5
0fb2bd6de00ff09b0ec0dfbd417376db

SHA1
1167d8051ee01c5be2cb235198685927a3fbb3cb

SHA256
e210b7e111202c08aec916575507b346f030d86da4d71b6482d3f76626dec508

SHA512
fbb80d5874a74f0fa843a786d6fbd7b8ff5f30e5fed0fae9abd7d5adaa9533c46188107ba6b6a9bf288d22dc5f838d873c796f03a2dd2659297c5cc7619cd59b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
55fa800a245adeba85811ec109d3714f

SHA1
b1faea6b8c640724c398f1af4ce3ea97accfe1b9

SHA256
0b213a3308ee1e7cf3506bdc4ee74960c93ed7a60a68cb77d71014ecb9ac2837

SHA512
cd04d9c5a58bca2f962cbb74ec872ba3fc8aaa5a38ec8d116820de76ea0f0285573b1700463202be8343522234d5d13cdf15741509725161cde9505fc22cb93f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d07f2.TMP

Filesize
72B

MD5
e90c520c31a0066f712eba728fbea929

SHA1
4dd09a90a24ea1bed025a8e34a8e15ce2487e863

SHA256
1b23fe51bec9d02ee20b60e4291b87a4c770a09dcc822517e9c68238318666a5

SHA512
538af3cd5d5bc813f971535d685d781c0cee0ee052adaefeafcd7f542cb4206707408bd6db8d80d57bb3875ab45ad299900fa1db15c02047ad85e19bfe85916c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\dee995f5-8d68-4222-8f9f-aa9f570c8490.tmp

Filesize
7KB

MD5
b786115d4cc0a532c486307bb9f0b89a

SHA1
91b02d762102100a8cb5f472c6909b0183c524a4

SHA256
4c76708f45b09ace2a32bb0b23b53c0f87e62aad17f2cb46f5b89e066ae9f267

SHA512
373b3bef0fa16e3ce3f022c1e24a2f82de87e7801b4200bb6f7bd5ce263ae0c051c38d9d0dba82972aa3bee167fe7769bca9299be11d2bc92a81f81e91a1a4fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
b85c4bbca69004ec7af955ad0b60acce

SHA1
c4fd4fb5bcb314128476cfb1cb6afb4586e88a44

SHA256
c400b8a451b2979e0ec8ba99f15cd39f043d532e60c92344e95ad38d9d04a972

SHA512
5702c8d0dcd18222438b8e60407e0155f326538da555ce05fd8800192391f7030589bd9c12b92ff7c87dc3ecc6cb2530786defd28e54ce6d94dbe83b22ad9e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
baddfc0f0b37925c54f7668dc0657436

SHA1
695cc20d7303c7dd3455e449de248a5c4e2cd8ab

SHA256
7940a6e7c5123c9e3a955fc1e05ac2f296ddecef7bb83fb9e3f11f7ce6c9b1b8

SHA512
b210d0efe53dd2b29858abe5a505bb8fd94054e2072a89e7522b246926c5643f5fa327780d9fbbcabb1da2097adb9e4d312dfe43cc6c48ae0232210130e6261c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
d99502304265040682c6574f71e212f4

SHA1
fb5de151e3703747d800c5ddaa1cbba74ba76837

SHA256
92e9c2b2149bca6180d623bd61839f23d61fd48e51f681f3fca10385cd9e95ea

SHA512
be3d65668b1b67b596b6740f754da37c212732e7943927b50ea84b2d474461f508e73a3146a5ec4125535745c6477d4111e72a7334f92b1dbe8191b9eb18e82a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
ee1fac904cd357a104edae16327398f2

SHA1
c29a4c44f1e134f0db3293f3a445c4ba21a44649

SHA256
e10ab8add18362917cb8728400664568ce0968178df0bb32d37e7a6437e72577

SHA512
8262ebde699e099c392cd7c2ba917296004c66698cb32734f9a6dcd671213c8af6d2bbb23e988361ef4fad0da416739d9baaf89310dc00a8ea2fd2484cfc83a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
bb60c4a6a74c67942baa6ab4b26d24e0

SHA1
daea2d58e9165c7f569b6f6111312b7bd1aaac58

SHA256
e82b6117d2191a31e85b7c47d29d32bcc45b6b09604f4532c2a5caf9f9b572a4

SHA512
624dbed870fbebb9c978db7abb02f8f0f5558cab4b33a60d5d7645430d249625dbbc610d48fcdee5689f6cd6ff8c3e41aaa2eff98e8f924163b7ce42f03e8d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59a54e.TMP

Filesize
91KB

MD5
7bdbeea6af6d77cadb4284cab535908d

SHA1
828fab242769ded346649f17bc5382e5b9494e1a

SHA256
1e6944e72dd676b26f6d3d8afadb0dee9c103798743fb99ab1567d39e3c221c9

SHA512
f0c1b21ea2163b71b7572e119f510b1462f5204c0c28b2108866c1836f3245f09fcf4b1166617298abaf4fd02ace5854aa023366c9328c2957a4ccae86beaf12

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
6.4MB

MD5
1a61b7fc5b698f89ff0578df28702844

SHA1
8112fd4079f3a91e5bf2402f12f92c3f41d941f8

SHA256
dff164c7d61b414ccb23fbb695801610eb6839f2fe8411f2cd4cde6160e78cb2

SHA512
5c36a055512de7576e8a56e46e15a77cec16aed2b0c825467718b3c88196151cdd37acce36485fa0ffe218ff54244ec4ae34d766b9c6eaa7316cdde72ccf6fdf

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
80B

MD5
b127838f29ef8fe0ea30a951bef66976

SHA1
5ee4458237907e72c5366e32e552a5eaed60943d

SHA256
8a1c8fe13405ca654396db98cc35a6d5b5c638f80da83b0909f7fd0fec474f9a

SHA512
6c020eb59932d6a62fae78afb0172ca6e31d7d31515a323d18dc3d27de702739414175c0f457ebaeee9fa33f1080023e5f19cfed632adfdb55371481fa48162e

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip.crdownload

Filesize
3.3MB

MD5
017f199a7a5f1e090e10bbd3e9c885ca

SHA1
4e545b77d1be2445b2f0163ab2d6f2f01ec4ca05

SHA256
761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f

SHA512
76215a26588204247027dcfdab4ea583443b2b2873ff92ad7dd5e9a9037c77d20ab4e471b8dd83e642d8481f53dbc0f83f993548dc7d151dead48dc29c1fdc22

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry.zip

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\2861719348816.bat

Filesize
424B

MD5
6285a202b1a947b26a6d210a2c0d203a

SHA1
efa212ba06f87c5be6b6c40ac332e276539eed74

SHA256
34e3b00b0116e6596a6531337b09f4598bbeef647251769ee0b4974ff3760698

SHA512
e08070262a895008d0d9280498c687b0b5dafd9c59e73ea75d0814a36f4da58910e30f9ce87ce97c558b073d532783efb69a311249813430db514cd21aad3945

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\@[email protected]

Filesize
890B

MD5
f4612fa9d617ce276edaadab4a138b77

SHA1
fb3784dd5b91c11673f0e0a8739328d7fa365e54

SHA256
a595ec049f0061d975871fb715885b84bd7b897ce605e018a1317dae84cf7869

SHA512
3ac9b016cc4b5e023a10058bb47b4758f2b27bd0fb9cf2032e95f0aa2c6923273a22f877fcac59e2e7c053493d57d2068d0cb9d4f05e6d6be7de20706a2cf013

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\c.wnry

Filesize
780B

MD5
383a85eab6ecda319bfddd82416fc6c2

SHA1
2a9324e1d02c3e41582bf5370043d8afeb02ba6f

SHA256
079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

SHA512
c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\m.vbs

Filesize
303B

MD5
5810d9ecf21a780f98f61b2e3eca33a2

SHA1
5d6cea381c3b100d84f2d4e0693476c7a9ef65f2

SHA256
52f7d1e1fd727575b149100e6b14e04f49ce80bd86d0281911d935c0dbdc3b86

SHA512
ef8a531d0d0025527062909222788752a95aca1c9d6b1dbbebaa7247c655f3003eedc2070eb9da03f0cfb33b49aa82cf58271b170261c947be9542631f591969

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_swedish.wnry

Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_turkish.wnry

Filesize
41KB

MD5
531ba6b1a5460fc9446946f91cc8c94b

SHA1
cc56978681bd546fd82d87926b5d9905c92a5803

SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\msg\m_vietnamese.wnry

Filesize
91KB

MD5
8419be28a0dcec3f55823620922b00fa

SHA1
2e4791f9cdfca8abf345d606f313d22b36c46b92

SHA256
1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

SHA512
8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\r.wnry

Filesize
864B

MD5
3e0020fc529b1c2a061016dd2469ba96

SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\s.wnry

Filesize
2.9MB

MD5
ad4c9de7c8c40813f200ba1c2fa33083

SHA1
d1af27518d455d432b62d73c6a1497d032f6120e

SHA256
e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

SHA512
115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\t.wnry

Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskdl.exe

Filesize
20KB

MD5
4fef5e34143e646dbf9907c4374276f5

SHA1
47a9ad4125b6bd7c55e4e7da251e23f089407b8f

SHA256
4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

SHA512
4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\taskse.exe

Filesize
20KB

MD5
8495400f199ac77853c53b5a3f278f3e

SHA1
be5d6279874da315e3080b06083757aad9b32c23

SHA256
2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

SHA512
0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

Download Submit
C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry\u.wnry

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
memory/1064-2563-0x00007FF898300000-0x00007FF898311000-memory.dmp

Filesize
68KB

Download
memory/1064-2568-0x00007FF898000000-0x00007FF898018000-memory.dmp

Filesize
96KB

Download
memory/1064-2560-0x00007FF8985D0000-0x00007FF8985E7000-memory.dmp

Filesize
92KB

Download
memory/1064-2569-0x00007FF897780000-0x00007FF897791000-memory.dmp

Filesize
68KB

Download
memory/1064-2572-0x00007FF8946A0000-0x00007FF8946B1000-memory.dmp

Filesize
68KB

Download
memory/1064-2571-0x00007FF897490000-0x00007FF8974A1000-memory.dmp

Filesize
68KB

Download
memory/1064-2570-0x00007FF897760000-0x00007FF897771000-memory.dmp

Filesize
68KB

Download
memory/1064-2559-0x00007FF89FCF0000-0x00007FF89FD01000-memory.dmp

Filesize
68KB

Download
memory/1064-2566-0x00007FF897940000-0x00007FF897981000-memory.dmp

Filesize
260KB

Download
memory/1064-2565-0x00007FF890450000-0x00007FF891500000-memory.dmp

Filesize
16.7MB

Download
memory/1064-2590-0x00007FF6D1040000-0x00007FF6D1138000-memory.dmp

Filesize
992KB

Download
memory/1064-2592-0x00007FF8951A0000-0x00007FF895456000-memory.dmp

Filesize
2.7MB

Download
memory/1064-2558-0x00007FF8A03A0000-0x00007FF8A03B7000-memory.dmp

Filesize
92KB

Download
memory/1064-2593-0x00007FF890450000-0x00007FF891500000-memory.dmp

Filesize
16.7MB

Download
memory/1064-2557-0x00007FF8A8010000-0x00007FF8A8028000-memory.dmp

Filesize
96KB

Download
memory/1064-2556-0x00007FF8951A0000-0x00007FF895456000-memory.dmp

Filesize
2.7MB

Download
memory/1064-2562-0x00007FF898320000-0x00007FF89833D000-memory.dmp

Filesize
116KB

Download
memory/1064-2554-0x00007FF6D1040000-0x00007FF6D1138000-memory.dmp

Filesize
992KB

Download
memory/1064-2555-0x00007FF89AB00000-0x00007FF89AB34000-memory.dmp

Filesize
208KB

Download
memory/1064-2561-0x00007FF898340000-0x00007FF898351000-memory.dmp

Filesize
68KB

Download
memory/1064-2591-0x00007FF89AB00000-0x00007FF89AB34000-memory.dmp

Filesize
208KB

Download
memory/1064-2564-0x00007FF894F90000-0x00007FF89519B000-memory.dmp

Filesize
2.0MB

Download
memory/1064-2567-0x00007FF8981B0000-0x00007FF8981D1000-memory.dmp

Filesize
132KB

Download
memory/5100-2513-0x0000000073A40000-0x0000000073AC2000-memory.dmp

Filesize
520KB

Download
memory/5100-2519-0x0000000073AD0000-0x0000000073B52000-memory.dmp

Filesize
520KB

Download
memory/5100-2518-0x00000000006C0000-0x00000000009BE000-memory.dmp

Filesize
3.0MB

Download
memory/5100-2541-0x00000000006C0000-0x00000000009BE000-memory.dmp

Filesize
3.0MB

Download
memory/5100-2520-0x0000000073B60000-0x0000000073B7C000-memory.dmp

Filesize
112KB

Download
memory/5100-2522-0x0000000073A10000-0x0000000073A32000-memory.dmp

Filesize
136KB

Download
memory/5100-2521-0x0000000073A40000-0x0000000073AC2000-memory.dmp

Filesize
520KB

Download
memory/5100-2595-0x00000000006C0000-0x00000000009BE000-memory.dmp

Filesize
3.0MB

Download
memory/5100-2617-0x00000000006C0000-0x00000000009BE000-memory.dmp

Filesize
3.0MB

Download
memory/5100-2623-0x0000000073770000-0x000000007398C000-memory.dmp

Filesize
2.1MB

Download
memory/5100-2515-0x00000000006C0000-0x00000000009BE000-memory.dmp

Filesize
3.0MB

Download
memory/5100-2523-0x0000000073990000-0x0000000073A07000-memory.dmp

Filesize
476KB

Download
memory/5100-2665-0x00000000006C0000-0x00000000009BE000-memory.dmp

Filesize
3.0MB

Download
memory/5100-2512-0x0000000073770000-0x000000007398C000-memory.dmp

Filesize
2.1MB

Download
memory/5100-2514-0x0000000073A10000-0x0000000073A32000-memory.dmp

Filesize
136KB

Download
memory/5100-2511-0x0000000073AD0000-0x0000000073B52000-memory.dmp

Filesize
520KB

Download
memory/5100-2524-0x0000000073770000-0x000000007398C000-memory.dmp

Filesize
2.1MB

Download
memory/5100-2601-0x0000000073770000-0x000000007398C000-memory.dmp

Filesize
2.1MB

Download
memory/5304-996-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download